pull/542/head
Nabil 11 months ago committed by Stéphane Lesimple
parent bf553e7968
commit fcc3044903

@ -60,7 +60,7 @@ else
_run usermod -m -d /home/"$to" -l "$to" "$from"
fi
# then, rename all other groups linked to the account (appart from the main one already done)
# then, rename all other groups linked to the account (apart from the main one already done)
# shellcheck disable=SC2043
for suffix in tty; do
if getent group "$from-$suffix" >/dev/null ; then

@ -68,7 +68,7 @@ if (not grep { $type eq $_ } qw{ normal realm }) {
# take a lock here, do it before checking for account existence,
# because another parallel creation of the same account might be
# occuring, in which case we'd still hit a race condition
# occurring, in which case we'd still hit a race condition
# additionally, the lock type "passwd" is used by all helpers
# that may modify /etc/passwd or /etc/group.
$fnret = OVH::Bastion::Helper::get_lock_fh(category => "passwd");

@ -96,7 +96,7 @@ my $shortGroup = $fnret->value->{'shortGroup'};
# take a lock here, do it before checking for group existence,
# because another parallel creation of the same group might be
# occuring, in which case we'd still hit a race condition.
# occurring, in which case we'd still hit a race condition.
# additionally, the lock type "passwd" is used by all helpers
# that may modify /etc/passwd or /etc/group.
$fnret = OVH::Bastion::Helper::get_lock_fh(category => "passwd");

@ -59,7 +59,7 @@ foreach my $key (@{$fnret->value || []}) {
# Do we have anything to delete ?
if (!%validKeys) {
warn_syslog("User $self has no valid keys, but somehow connected succcessfully, this shouldn't happen");
warn_syslog("User $self has no valid keys, but somehow connected successfully, this shouldn't happen");
osh_exit 'ERR_NO_KEY', "You have no key to delete (wait, how did you connect in the first place?!)";
}
elsif (keys %validKeys == 1) {

@ -94,7 +94,7 @@ elsif ($TOTPProvider eq 'google-authenticator') {
}
elsif ($TOTPProvider eq 'duo') {
# nothing to do locally, appart from marking the user as TOTP-active, which is done after this block.
# nothing to do locally, apart from marking the user as TOTP-active, which is done after this block.
}
else {
# unknown provider, this shouldn't happen

@ -72,7 +72,7 @@ if (!defined $uid && !$uidAuto) {
osh_exit 'ERR_MISSING_PARAMETER', "Missing mandatory parameter --uid or --uid-auto";
}
# quicky ensure these params are not pure bullshit (real check is done by helper script)
# quickly ensure these params are not pure bullshit (real check is done by helper script)
if ($account !~ /^[a-z0-9._-]+$/i) {
osh_exit 'ERR_INVALID_PARAMETER', "Parameter 'account' seems invalid";
}
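Review bot: The sanity check two lines below the corrected comment, `if ($account !~ /^[a-z0-9._-]+$/i)`, anchors with `$`, which in Perl also matches before a trailing newline, so an account value ending in "\n" passes this pre-check and is handed to the helper script unchanged. The comment says the real validation happens in the helper, so this is only a hardening of the quick filter, but `\A` / `\z` express the intended whole-string match without that exception: `if ($account !~ /\A[a-z0-9._-]+\z/i) {`. The same anchoring pattern presumably appears in the neighbouring parameter checks outside this hunk, if so they would benefit from the same change.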

@ -92,7 +92,7 @@ proc attempt_to_login args {
}
if { $stty_options != "" } {
# in that case, silence the "Password:" prompt, as our caller propably doesn't expect (sic) to see it
# in that case, silence the "Password:" prompt, as our caller probably doesn't expect (sic) to see it
log_user 0
}
@ -131,7 +131,7 @@ proc attempt_to_login args {
exit 5
}
# if no specific pasword was requested, try to login with the main password file, then try the fallbacks
# if no specific password was requested, try to login with the main password file, then try the fallbacks
set tryid 0
if { $arg_password_id == -1 } {
set last_attempt [attempt_to_login $tryid $arg_prog $arg_login $arg_file $arg_fallback_delay $spawn_args $arg_stty_options]

@ -193,7 +193,7 @@ if (-e '/home/allowkeeper/maintenance') {
$fnret = OVH::Bastion::is_account_ttl_nonexpired(account => $self, sysaccount => $sysself);
if (!$fnret) {
main_exit(OVH::Bastion::EXIT_TTL_EXPIRED, "ttl_expired", "Sorry $self, acccess denied (" . $fnret->msg . ")");
main_exit(OVH::Bastion::EXIT_TTL_EXPIRED, "ttl_expired", "Sorry $self, access denied (" . $fnret->msg . ")");
}
#

@ -58,7 +58,7 @@ $PROBE_NAME [options]
--host HOST Host to connect to. Default: $host
--port PORT Port to connect to. Default: $port
--account ACCOUNT Account name to use to authenticate. Default: $account
--keyfile PATH Path to the private SSH key file to authenticate. Defaut: $keyfile
--keyfile PATH Path to the private SSH key file to authenticate. Default: $keyfile
--kbd-interactive Allow keyboard-interactive authentication. Default: $kbdinteractive
Note: don't specify an other option than --help to get the proper default values.

@ -100,7 +100,7 @@ $PROBE_NAME [options]
--debug Increase verbosity of logs
--host HOST Host to connect to. Default: $host
--port PORT Port to connect to. Default: $port (tentatively
autodected from the HTTPS Bastion proxy configuration)
autodetected from the HTTPS Bastion proxy configuration)
--disabled-ok Return success even if Proxy is disabled (from config)
EOF

@ -5,7 +5,7 @@ bastion.conf
.. note::
The Bastion has a lot of configuration options so that you can tailor it
to your needs. However, if you're just beggining and would like to get
to your needs. However, if you're just beginning and would like to get
started quickly, just configure the ``Main Options``.
All the other options have sane defaults that can still be customized
at a later time.

@ -229,7 +229,7 @@ warn-info, die-info
These logs are produced when some known portion of code (including libraries) called ``warn()`` or ``die()``
but in a known case that can happen during nominal use.
Don't use these logs to directly trigger an alert, but you can keep an eye on those, as e.g. an unusually
high number of occurences in a short time may be a weak signal that somebody or something is misbehaving.
high number of occurrences in a short time may be a weak signal that somebody or something is misbehaving.
The fields are the same than the ones specified above for **warn** and **die**.

@ -40,7 +40,7 @@ Immediate MFA
This method implements MFA directly using PAM during the initial SSH authentication phase, on the ingress
side, e.g. when accounts are connecting to the bastion. This entirely resides on SSH/PAM and doesn't even depend
on The Bastion code (appart from the setup side of the additional factor for each account).
on The Bastion code (apart from the setup side of the additional factor for each account).
.. note::
@ -81,7 +81,7 @@ MFA logic is implemented. We've left the comments that can be found in the templ
# AuthenticationMethods publickey,keyboard-interactive:pam
As explained in the comments within the file, this section (commented by default) refers to the MFA that can be
configured on the ``root`` account to protect The Bastion's own system. This is out of the scope of this documenation
configured on the ``root`` account to protect The Bastion's own system. This is out of the scope of this documentation
section, as we're focusing on the users MFA here, so refer to the :ref:`installation/advanced:2fa root authentication`
section if that's what you want to achieve.
@ -409,7 +409,7 @@ Here is how it looks like:
As you seen, once ``mfa`` has been entered and the MFA validated, the prompt changes to ``[MFA-OK]`` implying that
any command usually requiring MFA will not ask for it again (such as ``groupAddServer`` in the above example, as
we've configured it to). We then explicitely exit the MFA elevated session by entering ``nomfa``.
we've configured it to). We then explicitly exit the MFA elevated session by entering ``nomfa``.
MFA and --osh batch
*******************

@ -12,7 +12,7 @@ Encryption & signature GPG keys
.. note::
This section is a prequisite to both the :ref:`installadv_encryptrsync` and the
This section is a prerequisite to both the :ref:`installadv_encryptrsync` and the
:ref:`installadv_backup` steps further down this documentation
There are 2 pairs of GPG keys being used by the bastion:

@ -505,7 +505,7 @@ We now add all the details of the connection to the *close* logs, those that wer
in the corresponding *open* log. This way, it is no longer required to correlate both logs with their uniqid
to have all the data: the *close* log should suffice.
The *open* log is still there if for some reason the *close* log can't be emitted (kill -9, system crash, etc.),
or if the *open* and the *close* log are several hours, days or months appart.
or if the *open* and the *close* log are several hours, days or months apart.
An additional field **duration** has been added to the *close* logs,
this represents the number of seconds (with millisecond precision) the connection lasted.

@ -90,7 +90,7 @@ to allow in the case of SCP.
For SCP, you can allow both directions by using the command first with ``--protocol scpdownload``,
then with ``--protocol scpupload``.
Note that for SFTP and RYSNC, you can't specify a direction, due to how these protocols work: you either have
Note that for SFTP and RSYNC, you can't specify a direction, due to how these protocols work: you either have
SFTP/RSYNC access (hence being able to upload and download files), or you don't.
For example, this is a valid command to add SFTP access to a machine which is part of a group:

@ -9,7 +9,7 @@
#@ .. note::
#@
#@ The Bastion has a lot of configuration options so that you can tailor it
#@ to your needs. However, if you're just beggining and would like to get
#@ to your needs. However, if you're just beginning and would like to get
#@ started quickly, just configure the ``Main Options``.
#@ All the other options have sane defaults that can still be customized
#@ at a later time.

@ -654,7 +654,7 @@ sub is_valid_ip {
if ($fast and index($ip, ':') == -1) {
# We're being asked to be fast, and it's not an IPv6, just use a regex
# and don't instanciate a Net::IP. Also don't use named captures, as they're slower
# and don't instantiate a Net::IP. Also don't use named captures, as they're slower
if (
$ip =~ m{^
(?:
@ -1162,7 +1162,7 @@ sub build_ttyrec_cmdline_part1of2 {
# ensure there are no '/'
$ttyrecFilenameFormat =~ tr{/}{_};
# preprend (and create) directory
# prepend (and create) directory
my $saveDir = $params{'home'} . "/ttyrec";
mkdir($saveDir);
if ($params{'realm'} && $params{'remoteaccount'}) {
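Review bot: `mkdir($saveDir);` right after the corrected "prepend (and create) directory" comment discards its return value, so a failure to create the ttyrec directory (permissions, read-only filesystem) is not surfaced at this point and the session recording path is built anyway. build_ttyrec_cmdline_part1of2 continues outside the hunk, so this may be covered by a later `-d` check; if it is not, a guard such as `mkdir($saveDir) or -d $saveDir or warn "failed to create $saveDir: $!";` (or returning an error via the function's usual `R(...)` convention) would make the failure visible in the logs rather than at ttyrec launch time.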

@ -501,7 +501,7 @@ sub process_http_request {
# if there's an egress-protocol header, get it
my $egress_protocol = $req_headers->{'x-bastion-egress-protocol'} || 'https';
# protocol must be explicitely allowed per Bastion policy, by default only https is allowed
# protocol must be explicitly allowed per Bastion policy, by default only https is allowed
if (!grep { $egress_protocol eq $_ } @{$self->{'proxy_config'}{'allowed_egress_protocols'} || []}) {
return $self->log_and_exit(
400,

@ -718,7 +718,7 @@ sub is_valid_group {
# gatekeeper: keymygroup-gatekeeper
# aclkeeper: keymygroup-aclkeeper
# owner: keymygroup-owner
# regular: no check appart from the length and forbidden prefixes/suffixes
# regular: no check apart from the length and forbidden prefixes/suffixes
if (!$group) {
return R('ERR_MISSING_PARAMETER', msg => "Missing parameter 'group'");

@ -125,7 +125,7 @@ if [ "$OS_FAMILY" = Linux ] ; then
elif [ "$OS_FAMILY" = OpenBSD ] || [ "$OS_FAMILY" = FreeBSD ] || [ "$OS_FAMILY" = NetBSD ] ; then
# setup some 127.0.0.x IPs (needed for our tests)
# this is not required under Linux where all IPs of 127.0.0.0/8 implicitely work
# this is not required under Linux where all IPs of 127.0.0.0/8 implicitly work
nic=$(ifconfig | perl -ne 'm{^([a-z._0-9]+): flags}i and $nic=$1; m{inet 127\.0\.0\.1} and print $nic and exit')
: "${nic:=lo0}"
i=2

@ -148,7 +148,7 @@ testsuite_selfaccesses_force_password()
success ${mode}_del_a4_nofp $a0 --osh $del_access_plugin $target --host $remote_ip --user $account4 --port $remote_port
json .error_code OK .command $del_access_plugin
# account1 => account4 with force-password but with a non existant hash: fail because --force-password aborts when the forced password cannot be found
# account1 => account4 with force-password but with a non existent hash: fail because --force-password aborts when the forced password cannot be found
success ${mode}_add_a4_fp_hashnotfound $a0 --osh $add_access_plugin $target --host $remote_ip --user $account4 --port $remote_port --force-password "'${fake_hash}'"
json .error_code OK .command $add_access_plugin
